Skip to content

Add X509 SAN extension and RFC6125 MatchesHostname#72304

Merged
stephentoub merged 7 commits intodotnet:mainfrom
bartonjs:x509_san
Jul 20, 2022
Merged

Add X509 SAN extension and RFC6125 MatchesHostname#72304
stephentoub merged 7 commits intodotnet:mainfrom
bartonjs:x509_san

Conversation

@bartonjs
Copy link
Member

@bartonjs bartonjs commented Jul 16, 2022
edited
Loading

Fixes #22699.
Fixes #59870.

@bartonjs bartonjs added this to the 7.0.0 milestone Jul 16, 2022
@bartonjs bartonjs self-assigned this Jul 16, 2022
@ghost
Copy link

ghost commented Jul 16, 2022

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented Jul 16, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Fixes #22699.

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security, cryptographic-docs-impact
Milestone: 7.0.0

vcsjones
vcsjones reviewed Jul 16, 2022
View reviewed changes
Copy link
Member

@vcsjones vcsjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And OidLookup.NoFallback.cs needs to be updated to make macOS happy.

@vcsjones
Copy link
Member

vcsjones commented Jul 18, 2022

Should this PR be Fixes #59870?

@bartonjs
Copy link
Member Author

bartonjs commented Jul 18, 2022

Should this PR be Fixes #59870?

I went ahead and marked it as such, since the EKU check can be done by X509Chain. There's probably still room for ease of use there, but I'll let it come back as a separate proposal.

vcsjones
vcsjones reviewed Jul 19, 2022
View reviewed changes
@runfoapp runfoapp bot mentioned this pull request Jul 19, 2022
Closed
@bartonjs
Apply feedback
6aca049 
* Clarify the position on SRV-ID and URI-ID matching in API docs and tests
* Add some more IPv6 tests
* Delete a now-redundant test
* Change a dead if to an assert.
@stephentoub stephentoub merged commit 0f8841d into dotnet:main Jul 20, 2022
@bartonjs bartonjs deleted the x509_san branch July 20, 2022 04:01
@karelz karelz mentioned this pull request Jul 21, 2022
Open
@ghost ghost locked as resolved and limited conversation to collaborators Aug 19, 2022
@bartonjs bartonjs added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Aug 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@vcsjones vcsjones vcsjones approved these changes

@stephentoub stephentoub stephentoub approved these changes

Assignees

@bartonjs bartonjs

Labels

area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration new-api-needs-documentation

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

X509 certificates can be easily found by target hostname Add X509SubjectAlternativeName as a rich type

3 participants

@bartonjs @vcsjones @stephentoub